Feb 16, 2022
Principal Policy - Permit Access to Cross-Account Secret and KMS Key
{{ }} Substitute variables
Adjust the variable values according to your preference.
Policy Code
Referenced from: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": [
        "arn:aws:secretsmanager:{{region}}:{{account-id}}:secret:{{secret-name}}*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "arn:aws:kms:{{region}}:{{account-id}}:key/{{kms-key-id}}"
      ]
    }
  ]
}
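An added example, not part of the original page or of the AWS documentation it references: a Python helper that fills the {{ }} variables in the policy above and rejects values that would widen the Resource ARNs, such as a wildcard account ID. The function name, the validation patterns and the sample values are assumptions made for this illustration.

```python
import json
import re

# Accepted shape for each {{variable}}. The region pattern is a loose
# approximation (assumption), not an authoritative list of AWS regions.
VARIABLE_PATTERNS = {
    "region": r"[a-z]{2}(-[a-z]+)+-\d",
    "account-id": r"\d{12}",
    "secret-name": r"[A-Za-z0-9/_+=.@-]+",
    "kms-key-id": r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}|mrk-[0-9a-f]{32}",
}

# The page's policy, kept as a template with its {{ }} placeholders.
POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["secretsmanager:GetSecretValue"],
     "Resource": ["arn:aws:secretsmanager:{{region}}:{{account-id}}:secret:{{secret-name}}*"]},
    {"Effect": "Allow",
     "Action": ["kms:Decrypt"],
     "Resource": ["arn:aws:kms:{{region}}:{{account-id}}:key/{{kms-key-id}}"]}
  ]
}"""


def render_policy(values):
    """Validate every variable, substitute it, and return the policy as a dict."""
    for name, pattern in VARIABLE_PATTERNS.items():
        value = values.get(name, "")
        # fullmatch rejects '*', '?', ':' and empty values, any of which would
        # make the Resource ARN cover more than the one secret and one key.
        if not re.fullmatch(pattern, value):
            raise ValueError("invalid value for %s: %r" % (name, value))
    rendered = re.sub(r"\{\{([a-z-]+)\}\}",
                      lambda m: values[m.group(1)], POLICY_TEMPLATE)
    return json.loads(rendered)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = {"region": "us-east-1", "account-id": "111122223333",
              "secret-name": "prod/db-password",
              "kms-key-id": "1234abcd-12ab-34cd-56ef-1234567890ab"}
    print(json.dumps(render_policy(sample), indent=2))
```

The trailing `*` after {{secret-name}} covers the random suffix Secrets Manager appends to secret ARNs, and it also matches any other secret in that account and region whose name starts with the same string.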